[SECURITY][PATCH] PAM change reverses test for valid password

Michael Sweet mike at easysw.com
Tue May 1 17:42:59 GMT 2001

Jeremy Allison wrote:
> ...
> Thanks Andrew for the tidyups, I've committed them in 2.2
> and HEAD. What did you think of the other changes to the
> patch ? I removed the use of the global variables, and
> added the userdata pointer stuff in the dynamic pwconv
> ...

We just ran into a problem under HP-UX 11 with CUPS's PAM
support and the userdata pointer - basically, even though we set
the userdata pointer to a valid value (a pointer to the client data)
the PAM conversation function always got a NULL pointer!

We hadn't seen this particular problem before (might have been a
recent patch that messed things up, although it is extremely
difficult to track patch changes under HP-UX...), but we had to
add a workaround for HP-UX that used a global variable to hold the
current appdata pointer to work around the problem.

When I get a chance I'll be sending in a support request to HP
on this one, but at the very least you should add a NULL check
in the conversation function to protect against a buggy PAM
implementation mysteriously blowing up smbd... :)

Michael Sweet, Easy Software Products                  mike at easysw.com
Printing Software for UNIX                       http://www.easysw.com

More information about the samba-technical mailing list